Intel-drafted U.S. data privacy bill would protect firms from fines

Nov 6 (Reuters) - Chipmaker Intel Corp said it is seeking a sponsor in Congress for a U.S. data privacy bill it drafted that would shield companies from fines if they attest to the U.S. Federal Trade Commission annually that they take strong measures to protect consumer data.

Federal and state officials could still force companies to change their data practices and even pay restitution under the proposal, which Intel wrote and began talking to Congress members about this week in an unusual step for a corporation.

But the protection from civil actions would constitute a major win for Silicon Valley tech companies that would come at the cost of being more forthright about how they process user data. Repeat offenders could lose protection, and executives who falsely certify their compliance could face criminal prosecution, according to the proposed legislation provided by the company.

David Hoffman, Intel’s global privacy officer, told Reuters on Tuesday that executives' fear of imprisonment would drive "the best privacy protection you can get."

Intel itself does not collect much consumer data. Big data collectors, such as Facebook Inc and Alphabet Inc's Google, are among the top buyers of Intel's lucrative computer server chips.

Hoffman said increasing consumer privacy concerns over the last five years have lead to "pushback" on electronic health records and education data systems.

"That’s all bad for our business," he said.

Marc Groman, an adjunct law professor at Georgetown University and former White House senior adviser on privacy, said Intel’s proposal should be taken seriously.

He described the safe harbor from fines as reasonable and the grant of rulemaking authority to the FTC as crucial for the legislation to keep up with new technology.

Data privacy has become a pressing political issue in the United States, with major technology companies Facebook, Google and Twitter Inc questioned by Congress on their practices.

In Europe, a General Data Protection Regulation, or GDPR, took effect in May. Breaking privacy laws in Europe can now result in fines of up to 4 percent of a firm's global revenue.

The Intel proposal caps fines at $1 billion and unlike GDPR, does not have a provision requiring companies to notify victims of data breaches.

In the United States, California this year passed tough new privacy rules that tech companies say will be difficult to comply with. In September, Apple Inc, Amazon.com Inc and other companies told Congress they would support a federal law overriding California's rules, which go into effect in 2020. (Reporting by Stephen Nellis and Paresh Dave; Editing by Cynthia Osterman)